I have a Linux environment that uses NIS and VAS (OneIdentity) for authentication/authorization. I am finding there is a mismatch or cache happening somewhere and I am unable to pinpoint where it is happening. When I log in as my user and run id, I will get a list of groups that I am a part of. Right now it lists that I am in
GroupA
GroupB
The nsswitch file has a group entry that looks like this
group: files nis
So it should read from files and then from NIS. All of the group information resides in NIS. FYI, there is no initgroups entry in nsswitch.
Now if I check the group db from the group name service switch database using
getent group -s files | grep {MyId}
It will show I am part of no groups (This is expected as I want all groups to roll through NIS)
However, if I query the NIS db using
getent group -s nis | grep {MyId}
It will show that I am part of all these groups
GroupA
GroupB
GroupC
GroupD
Here is where it starts to get interesting. If I check the initgroups db (which I only semi-understand) using
getent initgroups {MyId} -s files
It only shows my user id (This is expected as I want all groups to roll through NIS)
Now I will check what initgroups my user is part of in NIS
getent initgroups {MyId} -s nis
This matches what I see when I run id above
GroupA
GroupB
This to me seems like a mismatch. Wouldn't I expect to see the same results when querying NIS for groups and the initgroups? When I query groups it looks like I should be put in a lot more groups but I'm not for some reason.
I am also running nscd locally and have reloaded and restarted that service and no changes were noticed. I have also rebooted the machine with no luck either. Does anyone have a suggestion on what to check out next?
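An added example, not part of the original post: a small script that turns the manual comparison above into an exact diff between the group map (`name:passwd:gid:members`) and the initgroups line (user name followed by numeric GIDs). The user name `alice`, the GIDs and the extra `GroupE` are constructed sample values; the member match is exact, whereas a plain grep on the user ID also matches longer names that contain it.

```shell
#!/bin/sh
# Constructed sample data (not from the post). On a real host, capture:
#   getent group -s nis              -> group map text
#   getent initgroups "$user" -s nis -> initgroups line
SAMPLE_GROUP_MAP='GroupA:*:5001:alice,bob
GroupB:*:5002:bob,alice
GroupC:*:5003:alice
GroupD:*:5004:carol,alice
GroupE:*:5005:malice'
SAMPLE_INITGROUPS='alice                 5001 5002'

# Groups whose member field (4th, comma-separated) lists exactly user $1.
# $2 = group map text. Unlike grep, "alice" does not match "malice".
groups_listing_user() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '{
        k = split($4, m, ",")
        for (i = 1; i <= k; i++) if (m[i] == u) { print $1; break }
    }' | sort
}

# Groups that list user $1 as a member but whose GID is absent from the
# initgroups line $2 ("user gid gid ..."). $3 = group map text.
missing_from_initgroups() {
    printf '%s\n' "$3" | awk -F: -v u="$1" -v line="$2" '
        BEGIN { n = split(line, g, " "); for (i = 2; i <= n; i++) have[g[i]] = 1 }
        {
            k = split($4, m, ",")
            for (i = 1; i <= k; i++)
                if (m[i] == u && !($3 in have)) { print $1; break }
        }' | sort
}

echo "Listed as member in the group map:"
groups_listing_user alice "$SAMPLE_GROUP_MAP"
echo "Missing from initgroups:"
missing_from_initgroups alice "$SAMPLE_INITGROUPS" "$SAMPLE_GROUP_MAP"
```

Running the same two functions against the `files` and `nis` outputs separately shows which source each missing group comes from.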